README revision 256281
@(#) $Header: /tcpdump/master/libpcap/README,v 1.34 2008-12-14 19:44:14 guy Exp $ (LBL)

LIBPCAP 1.x.y

www.tcpdump.org

Please send inquiries/comments/reports to:
        tcpdump-workers@lists.tcpdump.org

Anonymous Git is available via:
        git clone git://bpf.tcpdump.org/libpcap

Version 1.x.y of LIBPCAP can be retrieved with the CVS tag "libpcap_1_{x}rel{y}":
        cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_{x}rel{y} libpcap

Please submit patches by forking the branch on GitHub at

        http://github.com/mcr/libpcap/tree/master

and issuing a pull request.

formerly from   Lawrence Berkeley National Laboratory
                Network Research Group <libpcap@ee.lbl.gov>
                ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)

This directory contains source code for libpcap, a system-independent
interface for user-level packet capture.  libpcap provides a portable
framework for low-level network monitoring.  Applications include
network statistics collection, security monitoring, network debugging,
etc.  Since almost every system vendor provides a different interface
for packet capture, and since we've developed several tools that
require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.

For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
by default.

The libpcap interface supports a filtering mechanism based on the
architecture in the BSD packet filter.  BPF is described in the 1993
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
User-level Packet Capture''.  A compressed PostScript version can be
found at

        ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z

or

        http://www.tcpdump.org/papers/bpf-usenix93.ps.Z

and a gzipped version can be found at

        http://www.tcpdump.org/papers/bpf-usenix93.ps.gz

A PDF version can be found at

        http://www.tcpdump.org/papers/bpf-usenix93.pdf

Although most packet capture interfaces support in-kernel filtering,
libpcap utilizes in-kernel filtering only for the BPF interface.
On systems that don't have BPF, all packets are read into user-space
and the BPF filters are evaluated in the libpcap library, incurring
added overhead (especially, for selective filters).  Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, OpenBSD, DragonFly
BSD, and Mac OS X; an older, modified and undocumented version is
standard in AIX.  {DEC OSF/1, Digital UNIX, Tru64 UNIX} uses the
packetfilter interface but has been extended to accept BPF filters
(which libpcap utilizes).  Also, you can add BPF filter support to
Ultrix using the kernel source and/or object patches available in:

        http://www.tcpdump.org/other/bpfext42.tar.Z

Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.

Note to Linux distributions and *BSD systems that include libpcap:

There's now a rule to make a shared library, which should work on Linux
and *BSD, among other platforms.

It sets the soname of the library to "libpcap.so.1"; this is what it
should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as
that.

We've been maintaining binary compatibility between libpcap releases for
quite a while; there's no reason to tie a binary linked with libpcap to
a particular release of libpcap.

Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "tcpdump-workers@lists.tcpdump.org".  Bugs, support
requests, and feature requests may also be submitted on the GitHub issue
tracker for libpcap at

        https://github.com/mcr/libpcap/issues

Source code contributions, etc. should be sent to the email address
above or submitted by forking the branch on GitHub at

        http://github.com/mcr/libpcap/tree/master

and issuing a pull request.

Current versions can be found at www.tcpdump.org.

 - The TCPdump team